package com.sinog.front.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @desc OAuth客户端的配置信息
 * @author zy
 * @date 2019年8月12日 11点04分
 */
@EnableOAuth2Sso
@EnableWebSecurity
public class WebsecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 登陆失效地址
     */
    @Value("${gkzx.azbj.auth.logout-url}")
    private String logoutUrl;

    /**
     * 描述
     * @param web web
     */
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/webjars/**", "/static/**", "/error/**");
    }

    /**
     * 描述
     * @param http http
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // 开启允许iframe 嵌套
        http.headers().frameOptions().disable();
        http.httpBasic().disable().authorizeRequests()
            .antMatchers("/user/password",
                    "/user/info",
                    "/user/verifypwd",
                    "/pro/api/**",
                    "/azbj/verification/**",
                    "/user/getuser",
                    "/transmission/api/**",
                    "/upload/chrome/download",
                    "/redis/api/**",
                    "/azbj/user/getSjUserAll",
                    "/azbj/azbjgl/oldToNewMiddle",
                    "/azbj/azbjgl/moveZfData",
                    "/front/checkUserState",
                    "/user/getuser/getLoginUserDepartId",
                    "/azbj/area/fallBackByUuid"
                    )
            //其他地址的访问均需验证权限
            .permitAll().anyRequest().authenticated()
            //使登录信息失效
            .and().logout().logoutSuccessUrl(logoutUrl).and().csrf().disable().cors().and().headers().frameOptions()
            .disable();
    }
}